Field | Value |
---|---|
Created | 2024.09.03 09:38 |
Machine | s1_win7_x6403 |
Filename | Nezur.exe |
Type | PE32+ executable (console) x86-64, for MS Windows |
ZERO API | file : malware |
VT API (file) | 44 detected (AIDetectMalware, GameHack, malicious, high confidence, score, Tedy, Unsafe, Vl79, Attribute, HighConfidence, AGen, OY potentially unsafe, Artemis, FileRepMalware, Misc, Znyonm, CLOUD, Generic Reputation PUA, Hacktool, Detected, ai score=89, Sabsik, R639625, Whisperer, R002H09BQ24, 4iQ61fRbwVc, susgen, confidence) |
md5 | d6f133dee71ed4c119a2d2aaf4cf3a69 |
sha256 | 3c1ada57fbbe1a5fe4e56ab89545f9c38b888676ef303ffb2934d289937af83d |
ssdeep | 24576:KXvvlrWIK0D/bUGtJlLlXTJqOYEorty9ANVKOgTzCEkXuaMUMzSTN:akI9DzUGtJlLlXF/tX9CvIaMUMzS |
imphash | fcb66291bbc92600bc2c5e74df51cd00 |
impfuzzy | 192:x9TvIpmGZyzWgT8YedOAcApQSgJRZ+3Ljr2Mc:XIwGZij1QLPHc |
Signature (3cnts)
Level | Description |
---|---|
danger | File has been identified by 44 AntiVirus engines on VirusTotal as malicious |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | This executable has a PDB path |
Rules (6cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | ftp_command | ftp command | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
PE API
IAT(Import Address Table) Library
d3d11.dll
0x140181e28 D3D11CreateDevice
D3DCOMPILER_47.dll
0x140181170 D3DCompile
dwmapi.dll
0x140181e58 DwmExtendFrameIntoClientArea
WS2_32.dll
0x140181958 htonl
0x140181960 ntohs
0x140181968 listen
0x140181970 recv
0x140181978 getaddrinfo
0x140181980 freeaddrinfo
0x140181988 recvfrom
0x140181990 sendto
0x140181998 getpeername
0x1401819a0 ioctlsocket
0x1401819a8 gethostname
0x1401819b0 WSAGetLastError
0x1401819b8 WSAEventSelect
0x1401819c0 getsockopt
0x1401819c8 WSASetLastError
0x1401819d0 closesocket
0x1401819d8 WSAWaitForMultipleEvents
0x1401819e0 WSAResetEvent
0x1401819e8 getsockname
0x1401819f0 connect
0x1401819f8 WSAEnumNetworkEvents
0x140181a00 send
0x140181a08 bind
0x140181a10 accept
0x140181a18 select
0x140181a20 __WSAFDIsSet
0x140181a28 socket
0x140181a30 htons
0x140181a38 WSAIoctl
0x140181a40 setsockopt
0x140181a48 WSACloseEvent
0x140181a50 WSACleanup
0x140181a58 WSAStartup
0x140181a60 WSACreateEvent
Normaliz.dll
0x140181698 IdnToAscii
0x1401816a0 IdnToUnicode
ADVAPI32.dll
0x140181000 RegCloseKey
0x140181008 RegQueryValueExA
0x140181010 RegOpenKeyExA
0x140181018 SetKernelObjectSecurity
0x140181020 InitializeAcl
0x140181028 InitializeSecurityDescriptor
0x140181030 FreeSid
0x140181038 OpenProcessToken
0x140181040 AddAccessDeniedAce
0x140181048 RegSetValueExA
0x140181050 LookupPrivilegeValueA
0x140181058 AllocateAndInitializeSid
0x140181060 RegDeleteKeyA
0x140181068 RegOpenKeyA
0x140181070 AdjustTokenPrivileges
0x140181078 SetSecurityDescriptorDacl
0x140181080 LookupPrivilegeValueW
0x140181088 RegCreateKeyA
0x140181090 CryptAcquireContextA
0x140181098 CryptReleaseContext
0x1401810a0 CryptGetHashParam
0x1401810a8 CryptEncrypt
0x1401810b0 CryptImportKey
0x1401810b8 CryptDestroyKey
0x1401810c0 CryptDestroyHash
0x1401810c8 CryptHashData
0x1401810d0 CryptCreateHash
0x1401810d8 GetLengthSid
CRYPT32.dll
0x1401810e8 CertCloseStore
0x1401810f0 CertEnumCertificatesInStore
0x1401810f8 CertFindCertificateInStore
0x140181100 CertFreeCertificateContext
0x140181108 CryptStringToBinaryA
0x140181110 PFXImportCertStore
0x140181118 CryptDecodeObjectEx
0x140181120 CertAddCertificateContextToStore
0x140181128 CertFindExtension
0x140181130 CertGetNameStringA
0x140181138 CertOpenStore
0x140181140 CertCreateCertificateChainEngine
0x140181148 CertFreeCertificateChainEngine
0x140181150 CertGetCertificateChain
0x140181158 CertFreeCertificateChain
0x140181160 CryptQueryObject
WLDAP32.dll
0x1401818c0 None
0x1401818c8 None
0x1401818d0 None
0x1401818d8 None
0x1401818e0 None
0x1401818e8 None
0x1401818f0 None
0x1401818f8 None
0x140181900 None
0x140181908 None
0x140181910 None
0x140181918 None
0x140181920 None
0x140181928 None
0x140181930 None
0x140181938 None
0x140181940 None
0x140181948 None
KERNEL32.dll
0x1401811a8 TerminateProcess
0x1401811b0 SetUnhandledExceptionFilter
0x1401811b8 UnhandledExceptionFilter
0x1401811c0 SleepConditionVariableSRW
0x1401811c8 WakeAllConditionVariable
0x1401811d0 GetLocaleInfoEx
0x1401811d8 FormatMessageA
0x1401811e0 GetFileInformationByHandleEx
0x1401811e8 GetModuleHandleW
0x1401811f0 AreFileApisANSI
0x1401811f8 GetTempPathW
0x140181200 SetFileInformationByHandle
0x140181208 IsDebuggerPresent
0x140181210 GetFullPathNameW
0x140181218 GetFileAttributesExW
0x140181220 GetFileAttributesW
0x140181228 FindNextFileW
0x140181230 FindFirstFileExW
0x140181238 FindFirstFileW
0x140181240 FindClose
0x140181248 CreateFileW
0x140181250 CreateDirectoryW
0x140181258 GetCurrentDirectoryW
0x140181260 InitializeSListHead
0x140181268 IsProcessorFeaturePresent
0x140181270 GetCurrentThreadId
0x140181278 GetSystemTimeAsFileTime
0x140181280 VerifyVersionInfoW
0x140181288 SleepEx
0x140181290 WaitForMultipleObjects
0x140181298 PeekNamedPipe
0x1401812a0 GetFileType
0x1401812a8 WaitForSingleObjectEx
0x1401812b0 MoveFileExA
0x1401812b8 FormatMessageW
0x1401812c0 SetLastError
0x1401812c8 GetEnvironmentVariableA
0x1401812d0 GetSystemDirectoryA
0x1401812d8 CreateEventA
0x1401812e0 SetEvent
0x1401812e8 Sleep
0x1401812f0 QueryPerformanceFrequency
0x1401812f8 QueryPerformanceCounter
0x140181300 MultiByteToWideChar
0x140181308 GlobalAlloc
0x140181310 GlobalFree
0x140181318 GlobalLock
0x140181320 WideCharToMultiByte
0x140181328 GlobalUnlock
0x140181330 GetModuleHandleA
0x140181338 LoadLibraryA
0x140181340 GetProcAddress
0x140181348 VerSetConditionMask
0x140181350 FreeLibrary
0x140181358 VirtualFree
0x140181360 DeviceIoControl
0x140181368 VirtualAlloc
0x140181370 LoadLibraryExA
0x140181378 GetCurrentProcessId
0x140181380 VirtualQuery
0x140181388 GetConsoleWindow
0x140181390 SetConsoleTextAttribute
0x140181398 SetConsoleTitleA
0x1401813a0 GetStdHandle
0x1401813a8 SetCurrentConsoleFontEx
0x1401813b0 SetConsoleWindowInfo
0x1401813b8 AllocConsole
0x1401813c0 GetCurrentProcess
0x1401813c8 CloseHandle
0x1401813d0 Process32First
0x1401813d8 Module32Next
0x1401813e0 WaitForSingleObject
0x1401813e8 LocalAlloc
0x1401813f0 Module32First
0x1401813f8 CreateToolhelp32Snapshot
0x140181400 GetLastError
0x140181408 CreateFileA
0x140181410 Process32Next
0x140181418 LocalFree
0x140181420 GetFileSizeEx
0x140181428 DeleteCriticalSection
0x140181430 HeapAlloc
0x140181438 HeapFree
0x140181440 MapViewOfFile
0x140181448 UnmapViewOfFile
0x140181450 CreateFileMappingA
0x140181458 ReleaseSRWLockExclusive
0x140181460 AcquireSRWLockExclusive
0x140181468 GetTickCount
0x140181470 EnterCriticalSection
0x140181478 LeaveCriticalSection
0x140181480 InitializeCriticalSectionEx
0x140181488 ReadFile
USER32.dll
0x1401816c8 EnableMenuItem
0x1401816d0 UpdateWindow
0x1401816d8 SendInput
0x1401816e0 GetAsyncKeyState
0x1401816e8 SetWindowLongA
0x1401816f0 DefWindowProcA
0x1401816f8 SetLayeredWindowAttributes
0x140181700 FindWindowA
0x140181708 LoadImageA
0x140181710 DispatchMessageA
0x140181718 GetWindowRect
0x140181720 DestroyWindow
0x140181728 GetWindowLongA
0x140181730 MoveWindow
0x140181738 RegisterClassA
0x140181740 CreateWindowExA
0x140181748 TranslateMessage
0x140181750 PeekMessageA
0x140181758 UnregisterClassA
0x140181760 GetKeyState
0x140181768 MessageBoxA
0x140181770 LoadCursorA
0x140181778 ScreenToClient
0x140181780 GetCapture
0x140181788 ClientToScreen
0x140181790 TrackMouseEvent
0x140181798 GetForegroundWindow
0x1401817a0 SetCapture
0x1401817a8 SetCursor
0x1401817b0 GetClientRect
0x1401817b8 IsWindowUnicode
0x1401817c0 ReleaseCapture
0x1401817c8 SetCursorPos
0x1401817d0 GetCursorPos
0x1401817d8 OpenClipboard
0x1401817e0 CloseClipboard
0x1401817e8 EmptyClipboard
0x1401817f0 GetClipboardData
0x1401817f8 SetClipboardData
0x140181800 ShowWindow
0x140181808 GetSystemMenu
0x140181810 SetWindowPos
0x140181818 ShowScrollBar
0x140181820 GetMessageExtraInfo
SHELL32.dll
0x1401816b0 ShellExecuteA
0x1401816b8 SHGetKnownFolderPath
MSVCP140.dll
0x140181498 ?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
0x1401814a0 ?always_noconv@codecvt_base@std@@QEBA_NXZ
0x1401814a8 ??Bid@locale@std@@QEAA_KXZ
0x1401814b0 ?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
0x1401814b8 ?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
0x1401814c0 ?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
0x1401814c8 ?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
0x1401814d0 ?_Syserror_map@std@@YAPEBDH@Z
0x1401814d8 ?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
0x1401814e0 ?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
0x1401814e8 ?_Winerror_map@std@@YAHH@Z
0x1401814f0 ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
0x1401814f8 ??0_Lockit@std@@QEAA@H@Z
0x140181500 ??1_Lockit@std@@QEAA@XZ
0x140181508 ?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
0x140181510 _Thrd_detach
0x140181518 _Query_perf_counter
0x140181520 _Query_perf_frequency
0x140181528 _Thrd_join
0x140181530 _Thrd_id
0x140181538 _Cnd_do_broadcast_at_thread_exit
0x140181540 ?_Throw_Cpp_error@std@@YAXH@Z
0x140181548 ??Bios_base@std@@QEBA_NXZ
0x140181550 ??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
0x140181558 ??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
0x140181560 ??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
0x140181568 ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
0x140181570 ?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
0x140181578 ?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
0x140181580 ?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
0x140181588 ?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
0x140181590 ?_Xbad_function_call@std@@YAXXZ
0x140181598 ?_Xout_of_range@std@@YAXPEBD@Z
0x1401815a0 ?good@ios_base@std@@QEBA_NXZ
0x1401815a8 ??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
0x1401815b0 ?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
0x1401815b8 ?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
0x1401815c0 ?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
0x1401815c8 ?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
0x1401815d0 ?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
0x1401815d8 ?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
0x1401815e0 ?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
0x1401815e8 ?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
0x1401815f0 ?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
0x1401815f8 ?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
0x140181600 ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
0x140181608 ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
0x140181610 ?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
0x140181618 ?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
0x140181620 ?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
0x140181628 ?uncaught_exceptions@std@@YAHXZ
0x140181630 ?_Xbad_alloc@std@@YAXXZ
0x140181638 ?_Xlength_error@std@@YAXPEBD@Z
0x140181640 ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
0x140181648 ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
0x140181650 ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
0x140181658 ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
0x140181660 ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
0x140181668 ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
0x140181670 ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
0x140181678 ??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
0x140181680 ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
0x140181688 ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
IMM32.dll
0x140181180 ImmSetCandidateWindow
0x140181188 ImmReleaseContext
0x140181190 ImmGetContext
0x140181198 ImmSetCompositionWindow
ntdll.dll
0x140181e68 RtlVirtualUnwind
0x140181e70 RtlAnsiStringToUnicodeString
0x140181e78 RtlInitAnsiString
0x140181e80 RtlCaptureContext
0x140181e88 NtQuerySystemInformation
0x140181e90 RtlLookupFunctionEntry
dbghelp.dll
0x140181e38 ImageNtHeader
0x140181e40 ImageDirectoryEntryToData
0x140181e48 ImageRvaToVa
bcrypt.dll
0x140181e18 BCryptGenRandom
VCRUNTIME140_1.dll
0x1401818b0 __CxxFrameHandler4
VCRUNTIME140.dll
0x140181830 strrchr
0x140181838 _CxxThrowException
0x140181840 __current_exception_context
0x140181848 __current_exception
0x140181850 memchr
0x140181858 memcmp
0x140181860 memmove
0x140181868 __std_terminate
0x140181870 memset
0x140181878 memcpy
0x140181880 __C_specific_handler
0x140181888 strstr
0x140181890 strchr
0x140181898 __std_exception_copy
0x1401818a0 __std_exception_destroy
api-ms-win-crt-heap-l1-1-0.dll
0x140181b00 calloc
0x140181b08 realloc
0x140181b10 free
0x140181b18 _callnewh
0x140181b20 _set_new_mode
0x140181b28 malloc
api-ms-win-crt-runtime-l1-1-0.dll
0x140181bb8 _beginthreadex
0x140181bc0 _invalid_parameter_noinfo_noreturn
0x140181bc8 _exit
0x140181bd0 _errno
0x140181bd8 _register_thread_local_exe_atexit_callback
0x140181be0 __sys_errlist
0x140181be8 __sys_nerr
0x140181bf0 _c_exit
0x140181bf8 __p___argv
0x140181c00 __p___argc
0x140181c08 terminate
0x140181c10 _initterm_e
0x140181c18 _initterm
0x140181c20 abort
0x140181c28 _get_initial_narrow_environment
0x140181c30 _configure_narrow_argv
0x140181c38 _initialize_narrow_environment
0x140181c40 _initialize_onexit_table
0x140181c48 _register_onexit_function
0x140181c50 _crt_atexit
0x140181c58 _cexit
0x140181c60 _seh_filter_exe
0x140181c68 _set_app_type
0x140181c70 exit
api-ms-win-crt-string-l1-1-0.dll
0x140181d90 strpbrk
0x140181d98 strncmp
0x140181da0 _stricmp
0x140181da8 tolower
0x140181db0 strncpy
0x140181db8 _strdup
0x140181dc0 strcmp
0x140181dc8 strcspn
0x140181dd0 strspn
api-ms-win-crt-utility-l1-1-0.dll
0x140181e00 qsort
0x140181e08 rand
api-ms-win-crt-stdio-l1-1-0.dll
0x140181c80 fclose
0x140181c88 fflush
0x140181c90 _lseeki64
0x140181c98 _set_fmode
0x140181ca0 __acrt_iob_func
0x140181ca8 ftell
0x140181cb0 fgets
0x140181cb8 fputs
0x140181cc0 freopen_s
0x140181cc8 _open
0x140181cd0 __p__commode
0x140181cd8 fseek
0x140181ce0 __stdio_common_vswprintf
0x140181ce8 _read
0x140181cf0 _write
0x140181cf8 _get_stream_buffer_pointers
0x140181d00 _fileno
0x140181d08 _close
0x140181d10 _fseeki64
0x140181d18 __stdio_common_vfprintf
0x140181d20 fwrite
0x140181d28 _wfopen
0x140181d30 fread
0x140181d38 fsetpos
0x140181d40 ungetc
0x140181d48 setvbuf
0x140181d50 fopen
0x140181d58 fgetpos
0x140181d60 __stdio_common_vsscanf
0x140181d68 fgetc
0x140181d70 fputc
0x140181d78 __stdio_common_vsprintf
0x140181d80 feof
api-ms-win-crt-time-l1-1-0.dll
0x140181de0 strftime
0x140181de8 _time64
0x140181df0 _gmtime64
api-ms-win-crt-convert-l1-1-0.dll
0x140181a70 strtol
0x140181a78 strtoul
0x140181a80 atof
0x140181a88 strtod
0x140181a90 strtoll
0x140181a98 strtoull
0x140181aa0 wcstombs
0x140181aa8 atoi
api-ms-win-crt-environment-l1-1-0.dll
0x140181ab8 getenv
api-ms-win-crt-filesystem-l1-1-0.dll
0x140181ac8 _access
0x140181ad0 _lock_file
0x140181ad8 _fstat64
0x140181ae0 _stat64
0x140181ae8 _unlink
0x140181af0 _unlock_file
api-ms-win-crt-math-l1-1-0.dll
0x140181b58 _dsign
0x140181b60 ceilf
0x140181b68 _fdopen
0x140181b70 cosf
0x140181b78 __setusermatherr
0x140181b80 floorf
0x140181b88 fmodf
0x140181b90 sinf
0x140181b98 acosf
0x140181ba0 _dclass
0x140181ba8 sqrtf
api-ms-win-crt-locale-l1-1-0.dll
0x140181b38 ___lc_codepage_func
0x140181b40 localeconv
0x140181b48 _configthreadlocale
EAT(Export Address Table) is none